[Security Solution] Filter Default policy details (elastic#76112) (el…

…astic#76819)
dgieselaar · Sep 4, 2020 · 8b400c1 · 8b400c1
1 parent 6d649dd
commit 8b400c1
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
@@ -11,6 +11,8 @@ import { getHostPolicyResponseHandler } from './handlers';
 
 export const BASE_POLICY_RESPONSE_ROUTE = `/api/endpoint/policy_response`;
 
+export const INITIAL_POLICY_ID = '00000000-0000-0000-0000-000000000000';
+
 export function registerPolicyRoutes(router: IRouter, endpointAppContext: EndpointAppContext) {
   router.get(
     {

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.test.ts
@@ -5,6 +5,7 @@
  */
 
 import { GetPolicyResponseSchema } from '../../../../common/endpoint/schema/policy';
+import { getESQueryPolicyResponseByHostID } from './service';
 
 describe('test policy handlers schema', () => {
   it('validate that get policy response query schema', async () => {
@@ -17,3 +18,21 @@ describe('test policy handlers schema', () => {
     expect(() => GetPolicyResponseSchema.query.validate({})).toThrowError();
   });
 });
+
+describe('test policy query', () => {
+  it('queries for the correct host', async () => {
+    const hostID = 'f757d3c0-e874-11ea-9ad9-015510b487f4';
+    const query = getESQueryPolicyResponseByHostID(hostID, 'anyindex');
+    expect(query.body.query.bool.filter.term).toEqual({ 'host.id': hostID });
+  });
+
+  it('filters out initial policy by ID', async () => {
+    const query = getESQueryPolicyResponseByHostID(
+      'f757d3c0-e874-11ea-9ad9-015510b487f4',
+      'anyindex'
+    );
+    expect(query.body.query.bool.must_not.term).toEqual({
+      'Endpoint.policy.applied.id': '00000000-0000-0000-0000-000000000000',
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
@@ -7,13 +7,23 @@
 import { SearchResponse } from 'elasticsearch';
 import { ILegacyScopedClusterClient } from 'kibana/server';
 import { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
+import { INITIAL_POLICY_ID } from './index';
 
 export function getESQueryPolicyResponseByHostID(hostID: string, index: string) {
   return {
     body: {
       query: {
-        match: {
-          'host.id': hostID,
+        bool: {
+          filter: {
+            term: {
+              'host.id': hostID,
+            },
+          },
+          must_not: {
+            term: {
+              'Endpoint.policy.applied.id': INITIAL_POLICY_ID,
+            },
+          },
         },
       },
       sort: [